Got a New Phone For Christmas? Don't Forget These Safety Tips

While most of the focus has been on Android malware, it's worth practicing safe security on any mobile devices. There are plenty of threats out there that aren't specific to Android malware. SecurityWatch posted an infographic last week on how to keep your devices secure this holiday season and also keep the following tips in mind.

Perhaps you got a shiny phone for Christmas. Or your New Year's resolution is to start practicing safe mobile security.

Mobile malware has been growing over the past year, and security researchers don't see that trend reversing anytime soon. Practically every predictions list about security issues in 2013 claim mobile malware will continue to grow. Just a few days ago, SecurityWatch reported SpamSoldier, in which infected Android devices joined a SMS-spam-sending botnet. With Zeus-in-the-mobile and Carberp-in-the-mobile targeting banking users, everyone should be taking some steps to be safe.

While most of the focus has been on Android malware, it's worth practicing safe security on any mobile platform. There are plenty of threats out there that aren't specific to Android malware. SecurityWatch posted an infographic last week with great tips on keeping your devices secure. Here are a few more.

The Mobile Device is a Computer"The first thing to know about your new Android is that it is a full-fledged computer with a full-fledged operating system, one that just happens to be able to make phone calls (if it is a smartphone)," Cameron Camp, a security researcher with ESET, said in a recent blog post.

Many users forget that mobile devices are essentially computers, and are always on the network, which means there are more risks and threats to think about. It's not "just" a phone or "just" a gaming device. You can do a lot more, and the criminals are banking on that fact. If you apply some of the security smarts from the desktop/laptop world onto the smartphone and tablet, you will be safer. Don't click on dodgy-looking links and don't download unfamiliar applications.

After clicking on a Web link, pay close attention to the address to make sure it matches the Web site it claims to be, especially if you are asked to enter account or login information, according to Lookout Mobile Security. Users may need to scroll up to be able to see the URL since many devices hide the URL to maximize screen real estate. Taking that extra time is worth it if it means you escape a phishing attempt.

Stick with Official ChannelsFor many of us in the desktop world, we got in a habit of searching online for a software and downloading, without thinking too much about the source. Don't do that in the mobile world, especially for Android. Stick with Google Play, or the Amazon App Store, and other authorized app markets.

Many mobile device scammers find a popular app in Google Play, wrap it with malicious code and then make it available from a third-party site as a "free" version of the app. If users find the app, and think they are getting a deal because the normally-paid app is available for free, then they may wind up with a nasty surprise. The app itself may install fine, but "then the malicious code will kick in and do things like ramp up your cell phone bill by sending premium rate SMS messages silently behind the scenes," Camp said.

Stick with Secure NetworksGet in the habit of not willy-nilly hopping on to open hotspots. Try to stick to secured networks (using a WPA or better encryption) so that data you are transmitting is encrypted and harder to intercept. If you are going to be doing sensitive tasks from your mobile device, such as online banking, you are much safer doing so over the carrier's 3G or 4G connection rather than a wireless network.

In fact, it might be best to keep all network connectivity, such as NFC (near-frequency communications), wireless, and Bluetooth disabled by default, Lookout suggests. Turn it on when you know you need it so that you don't find your devices accidentally connecting and exposing you to attack.

Slow and Steady With the AppsAs we mentioned in that infographic last week, just because you have a shiny device doesn't mean you should rush out and fill it up with tons of apps. Users should slow down and look at the terms of service, at the permissions the apps ask for, and make sure they understand what the app is going to do.

There are several Android malware scanners (Lookout offers one) that scan mobile apps as they are downloaded to ensure they aren't malicious. Some also check Website URLs to make sure they are not on any known blacklists. It's also a good idea to install an app if your carrier doesn't already support a way to track lost devices via GPS and remotely locking or wiping stolen devices.

Check Out the ChecklistThe Federal Communications Commission unveiled a Smartphone Security Checker on its Website earlier this month. It's essentially a static list for each mobile operating system, Android, iOS, BlackBerry, and Windows Phone, but still is jam-packed with good tips and recommendations on how to secure the devices

The tool has best practices on how to set pins and passwords, where to find security apps, how to enable remote locating and data wiping, and how to backup data in case your device is ever lost or stolen.

"Having your guard up, and possibly some software protections in place, will go a long ways toward keeping your personal information safe from harm, and can instill some peace-of-mind as you become infatuated with your new mobile hotness this season," Camp said.

About the Author

Fahmida Y. Rashid is a senior analyst for business at PCMag.com. She focuses on ways businesses can use technology to work efficiently and easily. She is paranoid about security and privacy, and considers security implications when evaluating business technology. She has written for eWEEK, Dark Reading, and SecurityWeek covering security, core Inte... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.